Index

A
Administrative components, 81, 83
Anti-malware, 125
ANY policy, 47
Asset tag, 114
Asymmetric encryption, 24
Attestation
  commercial market, 85
  facts, 79
  Intel TXT
    conceptual architecture, 85
    models, 83
    TPM, 84
    trusted launch, pools and compliance, 83
  local attestations, 80
  meaning, 79
  Mt. Wilson technology, 87
  OpenAttestation, 86–87
  platforms and use models, 79
  remote attestations, 80
  service components
    capabilities, 82
    endpoint, service and administrative components, 81
    overview, 81
  TCG defines, 79
  transparent, 88
Attestation Identity Key (AIK), 23
Authenticated code module (ACM), 5, 18, 92
  types, 18
  verification and protection, 18
Autopromotion, 59

B
BIOS rootkit, 119
Broad network access, 107

C
Cloud computing, 7–8
  cloud delivery models
    hybrid cloud model, 107–108
    Infrastructure as a Service model, 109
    Platform as a Service model, 109
    private model, 107–108
    public model, 107–108
    Software as a Service model, 109
  cloud variants, 106
    broad network access, 107
    definition, 107
    measured service, 107
    on-demand self-service, 107
    rapid elasticity, 107
    resource pooling, 107
  compliance
    datacenter vs. cloud, 105
    extended trusted pools
      asset tag, 114
      benefits of tags, 114–116
      geolocation & asset descriptors, 114–115
      geotag, 114
      Intel TXT and attestation, 115
    Intel TXT models, 110
    trusted compute pools
      trusted launch model, 110

Common Event Format (CEF), 102
Compliance
Cryptographic hash functions, 24
  checksums, 25
  digital fingerprint, 25
  digital signature, 25
  message authentication, 25
  properties, 25
Cryptography
  asymmetric encryption, 24
  cryptographic hash functions, 24
  decryption, 23
  encryption, 23
  symmetric encryption, 24

D
Data-at-rest, 2
Datacenter security
  cloud delivery models
    hybrid cloud model, 107–108
    Infrastructure as a Service model, 109
    Platform as a Service model, 109
    private model, 107–108
    public model, 107–108
    Software as a Service model, 109
  cloud variants, 106
    broad network access, 107
    definition, 107
    measured service, 107
    on-demand self-service, 107
    rapid elasticity, 107
    resource pooling, 107
  compliance
    datacenter vs. cloud, 105
    extended trusted pools
      asset tag, 114
      benefits of tags, 114–116
      geolocation & asset descriptors, 114–115
      geotag, 114
      Intel TXT and attestation, 115
    Intel TXT models, 110
    trusted compute pools
      trusted launch model, 110
Data-in-flight, 2
Data-in-use, 3
Dell PowerEdge R410, 39

E
Enablement. See also Management and policy tools layer; Operating system or hypervisor enablement
  basics
    BIOS and TPM, 92
    components, 92
    elements, 92
    menu structure, 93
    OEM platform requirements and opportunities, 92
    platform default, 92
    security setup screen, 93
  extended
    attestation services, 94
    provisioning, 94
    reporting and logging capability, 95
    trusted computing, 94
    updates, 94
  layered pyramid model, 89
  security applications layer
    broad security missions, 102
    integration, 101
    Intel TXT enabled platforms, 102
    questions remain, 103
    RSA, 102
  SIEM and GRC management tools, 91
  steps and requirements, 90
  trusted launch and pools use model, 91
Endpoint component, 81

F
Firmware Interface Table (FIT), 92

G
Gathering platform, 81
Geotag, 114
Governance, risk, and compliance (GRC) tools, 90
Guest operating system, 6

H
Hash-based message authentication code (HMAC) value, 20, 25
Host operating system, 6
Hypervisor
  enablement (see Operating system and hypervisor enablement)
  rootkit, 119

I, J, K
Infrastructure as a Service (IaaS) model, 109
Intel Trusted Execution Technology (Intel TXT)
  attack types, 2
  attestation, 9
  benefits, 9
  cloud computing, 7
  cloud service provider/service client, 10
  configuration, 4
  description, 4
  disadvantage, 11
  dynamic chain of trust, 5
  flexibility, 4
  goal, 1, 4
  measured launch environment, 6–7
  measurement process, 4
  roles and responsibilities
    host operating system, 13
    OEM, 12
    TPM ownership, 12
  sealed storage, 1
  security level, 2
  server enhancement
    BIOS inclusion, 11
    client and server platforms, 12
    processor-based CRTM, 11
    RAS features, 11
    server architecture complexity, 12
    System Management Module code, 12
  static chain of trust, 5
  third-party software, 13
  TPM chip, 4
  trusted compute pool, 10
  trusted servers, 4
  virtualization, 6
Intel TXT
  attestation, 35
  boot sequence, 29
  concepts, 26
  conceptual architecture, 85
  cryptography
    asymmetric encryption, 24
    cryptographic hash functions, 24
    decryption, 23
    encryption, 23
    symmetric encryption, 24
  dynamic measurements, 28
  launch control policy, 33
    MLE element, 34
    NV policy data, 35
    PCONF, 34
    platform supplier and owner policy, 34
    protection, 35
  measured launch process, 31
  measurements, 26
  models, 83, 110
  operating system, 28
  platform configuration, 28
  reset attack protection, 33
  sealing, 35
  secure measurements, 27
  static measurements, 27
  TPM
    Attestation Identity Key, 23
    interface, 19
    nonvolatile random access memory, 22
    ownership and access enforcement, 23
    platform configuration registers, 21
    public and private key, 21
    random number generator, 20
    RSA asymmetric algorithm, 21
    security functions, 18–19
  trusted launch, pools and compliance, 83
Intel TXT capable platform
  components
    authenticated code module, 18
    BIOS, 17
    chipsets, 17
    processor, 16
    Trusted Platform Module, 17
  definition, 16
Intel Virtualization Technology (Intel VT), 38

L
Launch control policy (LCP), 61, 80
  ACM, 48
  ANY, 47
  ANY policy specification, 53
  autopromotion requirement, 64
  considerations, 59
  decision matrix, 77
  establish trusted pools, 56
  flow, 49
  generator, 49
  host operating systems
    MLE policy creation tools, 71
    OS/VMM vendor, 71
  impact of
    BIOS updates, 73
    OS/VMM updates, 73

Launch control policy (LCP) (cont.)
  impact of (cont.)
    platform configuration changes, 73
    SINIT updates, 72
  insights, 47
  management
    multiple lists for version control, 74
    signed list usage, 74
    simplest policy, 75
    single policy for server groups, 73
    vendor-signed policies, 74
  measured launch process, 47
  MLE element specification, 52
  NV Policy Data, 48
  overview, 62
  PCONF element specification, 51
  PCONF policy, 64–65
    challenges, 70
    PcrDump, 69
    PCRInfo, 70
    remote attestation, 64
    specification, 65
  policy data structure, 48
  prevent interference by platform supplier policy, 56
  reduce need for remote attestation, 58
  remote attestation, 63
  reset attack protection, 59, 64
  revoke platform default policy, 54
  signed lists, 50
  strategies
    available tools, 76
    confidence, 75
    PCRs, 76
    remote attestation, 76
    reset protections, 76
    risk, 76
    training, 75
    trusted pools, 76
  TPM access restriction, 64
  TPM password, 77
  trusted ACM specification, 53
LIST policy, 49
Local attestations, 80

M
Management and policy tools layer
  attestation services, 100
  evolutionary enhancement, 99
  HyTrust appliance, 99
  provisioning, 100
  reporting and logging functions, 100
  roles, 99
  server trust status, 101
  trusted compute pools, 97
  updates, 100
McAfee ePolicy Orchestrator (ePO), 102
Measured launch environment, 6–7
  code, 6–7, 48, 52
  policy, 61
Measured service, 107
Mt. Wilson technology, 87–88

N
Nonvolatile random access memory, 22
NV Policy Data, 48

O
OEM platform enablement requirements and opportunities, 92
On-demand self-service, 107
One-party encryption. See Symmetric encryption
OpenAttestation, 86
Open-source project, 86
Operating system and hypervisor enablement
  basic enablement, 96
  ISV, 96
  key trusted platforms, 96
  SINIT module, 96
  TCB and LCP, 96
  TPM, 96
  trust-based reporting and logging capabilities, 97
  trusted computing stack, 95

P, Q
Physical presence interface, 40
Platform as a Service (PaaS) model, 109
Platform Configuration (PCONF) policy, 61, 64
  challenges, 70
  PcrDump, 69
  PCRInfo, 70
  specification, 65
Platform configuration registers (PCRs), 5, 21
Platform default (PD) policy, 54
Platform trust, 117
Provisioning
  BIOS setup
    automating BIOS provisioning, 40
    enable and activate TPM, 38
    enable Intel TXT, 39
    enable supporting technology, 38
    summary of, 39
  create owner's launch control policy (see Launch control policy (LCP))
  establish TPM ownership (see Trusted Platform Module (TPM))
  steps to provision new platform, 37

Provisioning (cont.)
  trusted host operating system
    OS/VMM installation, 45
    Ubuntu, 45
    VMware ESXi, 45

R
Random number generator (RNG), 20
Rapid elasticity, 107
Remote attestations, 80
Reporting and logging capability, 95
Resource pooling, 107
Risk management, 118
Rootkits, 3

S
SDK architecture overview, 87
Security applications layer
  broad security missions, 102
  integration, 101
  Intel TXT enabled platforms, 102
  questions remain, 103
  RSA, 102
Security information and event management (SIEM) tools, 90
Service components
  capabilities, 82
  conceptual architecture, 81
  endpoint, service and administrative components, 81
  overview, 81
Signed BIOS policy, 59
SINIT policy, 61
Software as a Service (SaaS) model, 109
Software development kit (SDK), 86
Symmetric encryption, 24

T, U, V
Trusted Boot (TBOOT) module, 31, 45
Trusted Compute Base (TCB), 96
Trusted compute pools (TCP)
Trusted computing
  anti-malware, 125
  BIOS rootkit, 119
  End-to-End Trust, 124
  evolution, 123
  guest images, 124
  Hypervisor rootkit, 119
  IT security toolbox, 119
  launch time measurement, 122–123
  private and public cloud computing, 120
  protections and assurance
    cryptographic measurement techniques, 121
    ecosystem, 121
    GRC, 122
    hardware, 120
    hypervisor integrity, 121
    requirements, 121
    virtualized/cloud models, 122
  stack integrity
    asset and location control aspect, 126
    datacenter and security, 127
    digital certificates, 126
    host integrity, 126
    McAfee, 125
    McAfee MOVE Antivirus, 127
    McAfee SiteAdvisor, 126
  threats, 122
  whitelist approach, 123
Trusted Computing Group (TCG), 3, 79
Trusted launch and pools use model, 91
Trusted launch model, 110
Trusted operating system, 6
Trusted Platform Module (TPM), 17–18, 92
  Attestation Identity Key, 23
  chip, 4
  enable and activate, 38
  interface, 19
    control protocol, 20
    localities, 19
  nonvolatile random access memory, 22
  ownership and access enforcement, 23
    authorization values, 43
    definition, 40
    establish ownership, 40
    local pass-through TPM model, 41
    management server model, 42
    remote pass-through TPM model, 41
  Platform Configuration Registers, 21
  public and private key, 21
  random number generator, 20
  RSA asymmetric algorithm, 21
  security functions, 18–19

W, X, Y, Z
Whitelisting, 36